Data Breach? 6 Critical Steps All Workplaces Must Take

Companies have a 1 in 4 chance of experiencing a data breach today, according to the Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview.

With the average cost of a data breach reaching £2.48 million, this underlines the importance of incident response planning, and of doing everything possible to rectify and reduce the impact of a breach.

Here’s a step-by-step guide to what to do if your company experiences a data breach.

Put the response team in motion.

As soon as you become aware of a breach, alert your response team. The team lead should have decision-making authority and report to the Board. According to Ponemon, having an incident response team has been the top cost-reducing factor for the last three years, reducing the cost per record by £14.37.

Contain the problem.

Identify the source of the breach as quickly as possible (was it caused by a faulty firewall, malware, a lost laptop, or a phishing attack?) and contain the compromise. This could mean isolating the compromised section of the network, finding a lost piece of equipment, or changing the access codes at the front door. What’s most important is determining what you can do to manage the breach – and doing it.

Assess the risks.

Now it’s important to determine how sensitive the breached data is, and what the real-time risks are. If it’s a ransomware attack, the encrypted data may be needed only by employees to do their jobs, and there may be backup files that can be restored. Theft of customer data, on the other hand, could lead to identity theft. Inform the police if appropriate.
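Judging how sensitive the exposed data is usually starts with a quick triage of the exported records themselves. The script below is an added example, not part of the original article: it scans constructed sample records for common personal-data markers (e-mail addresses, UK National Insurance number shapes, and payment card numbers validated with the Luhn checksum so random numeric IDs are not flagged) and assigns each record a sensitivity tier. The detector patterns, tier names and sample records are assumptions chosen for illustration.

```python
"""Breach-data sensitivity triage (added example, not from the original article).

Given the records that were exposed in an incident, classify each record's
sensitivity so the response team can judge whether customer data (identity-theft
risk) or only internal working files were involved.  The detectors and tier
names below are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass, field

EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
# 13-19 digit runs, optionally separated by spaces or dashes
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# UK National Insurance number shape, e.g. AB123456C (constructed samples below)
NINO_RE = re.compile(r"\b[A-Z]{2}\d{6}[A-D]\b")


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn checksum.
    Used to avoid flagging arbitrary numeric IDs as payment cards."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    tier: str                           # "high", "medium" or "low"
    kinds: list = field(default_factory=list)


def classify_record(text: str) -> Finding:
    """Assign a sensitivity tier based on which personal-data kinds appear."""
    kinds = []
    for m in CARD_RE.finditer(text):
        if luhn_valid(m.group()):
            kinds.append("payment_card")
            break
    if NINO_RE.search(text):
        kinds.append("national_id")
    if EMAIL_RE.search(text):
        kinds.append("email")
    if "payment_card" in kinds or "national_id" in kinds:
        tier = "high"       # identity-theft or fraud risk to individuals
    elif kinds:
        tier = "medium"     # contact data only
    else:
        tier = "low"        # internal working data
    return Finding(tier, kinds)


def triage(records):
    """Summarise how many records fall in each tier and which data kinds appeared."""
    summary = {"high": 0, "medium": 0, "low": 0}
    kinds_seen = set()
    for r in records:
        f = classify_record(r)
        summary[f.tier] += 1
        kinds_seen.update(f.kinds)
    return summary, sorted(kinds_seen)


# Constructed sample records standing in for an exposed export.
SAMPLE_RECORDS = [
    "Q3 roadmap draft - internal use only",
    "contact: jane.doe@example.com, prefers email",
    "order 8841 card 4111 1111 1111 1111 exp 12/26",   # Luhn-valid test card number
    "payroll ref AB123456C, employee 0042",
    "ticket 1234567890123 opened by helpdesk",         # 13 digits but fails Luhn
]

if __name__ == "__main__":
    counts, kinds = triage(SAMPLE_RECORDS)
    print(counts, kinds)
```

Run against a real export, the tier counts tell the team at once whether they are dealing with lost internal documents or with customer identities, which drives both the police/regulator decision and the notification step that follows.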

Put safeguards in place so it doesn’t happen again.

The initial fix should address the different aspects of the breach, but investigators should also carry out a root cause analysis to help prevent the problem from recurring. Digital forensics can supply this information.

Send out notifications.

Do any notification rules apply? Privacy laws in different countries and industries impose different notification requirements. For companies that handle confidential data belonging to European Union (EU) residents, the new GDPR will require notification within 72 days of discovery.

Make improvements to security.

Evaluate the incident response plan and implement policies, procedures, and technology that improve safeguards. This includes IT safeguards on all hard drives, but also a review of how collected data is managed (a comprehensive Document Management policy is recommended). Monitor staff awareness of security, and provide ongoing training. Partner with a document destruction company that has a secure chain of custody and provides both paper and digital data destruction services.